Add MSIX installer to GitHub workflow

[davidanthoff]

This is also ready now for a first go. Couple of comments:

• This now produces two installers. One with @dscho as the publisher, and a second version where we will put in the publisher name that the Windows Store submission gives us, i.e. we'll need to produce two versions, one for the store and one for the standalone MSIX.
• I put a step in there where @dscho could put in the signing step of the standalone MSIX file with his cert. We don't need to sign the store version, that will just be uploaded unsigned to the store and then get signed with an MS cert.

There are various todos still, but I think for now it would be good to merge this and test whether we can actually produce a properly signed standalone MSIX and try that out. I'll open a separate issue to track things that still need to be sorted out.

[dscho]

Could you also have a look at the msix branch here: https://github.com/dscho/build-extra/commits/msix ?

In particular, it fixes the bug where no files were packaged.

However, as I pointed out here, there is a fundamental problem for now that prevents /dev/stderr from being installed as expected.

[dscho]

I think we can use the signtool.exe, but I don't know where to find it. Maybe there is a default location, or an environment variable to find it?

Also, this step should be conditional on finding the secret variables, just like it was done here:

git/.github/workflows/git-artifacts.yml

Lines 169 to 180 in 508bb26

	- name: Prepare home directory for code-signing
	env:
	CODESIGN_P12: ${{secrets.CODESIGN_P12}}
	CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
	if: env.SKIP != 'true' && env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
	shell: bash
	run: |
	cd home &&
	mkdir -p .sig &&
	echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 &&
	echo -n "$CODESIGN_PASS" >.sig/codesign.pass
	git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'

Sadly, you won't be able to use the sign-tool.sh from build-extra as in the linked workflow: it uses osslsigncode, which is unable to sign .appx/.msix files. But you should be able to use signtool.exe because the workflow is designed to run in GitHub Actions' agents, which have all kinds of software preinstalled, including the Windows Software Kit (or however it is called).

[soredake]

Any progress on this?

[dscho]

The current situation is this:

• It costs money to publish to the Microsoft Store, something the Git for Windows project does not have (never had, in fact, all it had was donated time and expertise).
• It seems impossible to even test the APPX properly without paying money.
• Most of the blockers have been addressed in the meantime, with one notable exception: the Git for Windows installer allows to configure tons of options but the APPX offers none of that.
• Very, very few people have asked for Git for Windows to be available on the Microsoft Store. This suggests an unfavorable effort/benefit ratio.

[rudyhuyn]

Hi @dscho, I’m from the Microsoft Store team.

We can definitely cover the publisher account fee for you. Send me a DM on Twitter/X if you're interested!

If using Appx/MSIX is a concern, you can now list a classic MSI/EXE in the Store without needing to convert it, you only need to publish the URL of your installer.